Forum Discussion
iRule for public IP access to specific section of my URL
I will need someone to validate this iRule for me, pls
Request: allow only a public IP or Subnet access to a section of my URL : https://xxx.xxx.com/xxx/* )
Many recommendations welcome.
after adding the ALLOW_x.x.x.x on Data Group List
when HTTP_REQUEST {
if {[HTTP::uri] eq "https://xxx.xxx.com/xxx/*"} {
if {![class match [IP::client_addr] equals ALLOW_x.x.x.x]} {
HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
TCP::close
}
}
}
- KerryCirrus
HTTP::uri only matches the path. i.e. /xxx/... depending on if you need the quarry string or not if you using http::url or HTTP:: path.
HTTP:host to match the host name. xxx.xxx.com
if {[HTTP::host] eq "xxx.xxx.com"} {
if {[HTTP::uri] starts_with "/xxx/"} {
search f5 irules http::url
search f5 irules http::host
search f5 irules if conditions
Web browser are hard to kickout once connected. no real need for the TCP close.
- zamroni777Nacreous
you can use local traffic policy instead of irules for better performance and manageability.
there is no http respond but you can use http response redirect or tcp reset.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com